|
|
|
|
|
|
by ralfn
2062 days ago
|
|
|
The reality is that GDPR is not strongly enforced at the moment. This is not uncommon for Europe and may be a cultural differences with other places. Those who have the intent to comply and are at least complying in spirit are not at any legal risk. Attitude matters. And the spirit is obvious: get consent if you enable a third party to unique identify a user in reality. I.e. if it's private data or if you enable correlation across websites. It's correlating and sharing you need consent for. Don't worry about a server log. It is not about what you make possible. It's about what you do. Technically any sysadmin can access some information they should not. It's unavoidable. But that's quite a far way from commercially exploiting databases of people without their consent. Honestly they should just ban the sale of personal information. Most internet marketing vendors are not actually in the business of selling personal data. Now the good ones suffer because of the bad ones. And the bad ones either pretend they have consent or find a way to get it. |
|
|
It was good for privacy, not because it's enforced or not and not because sites are showing cookie consents, but because it made the public more aware of centralization/privacy issues on the internet and companies a bit more careful with data processing. This law also resulted in many "privacy-friendly" alternatives for various services, which in the end led to a healthier market and improved data decentralization.